You are here:Home»KB»Programming»General»Redmine»Redmine Security and SSL
Friday, 06 February 2015 21:07

Redmine Security and SSL

Written by

Security and SSL

If you are using this on a real website you might want to use SSL and make your installation secure. There are a few things you can do. For most people running on their local machine that do not want it on the internet do not require any of these settings, but it will not harm if they did. Following the instructions above you should already be using ProxyRequests Off

<Directory> / <Location>

  • location acts upon the url only, directory works on the physical file path, so they basically do the same thing via the 2 declarative paths.
  • however, directory is a little more secure because there can be multip-le urls poitning to the same file whereas when using directory there is only 1 file path so directory is better for security permissions etc ..
  • directory and location directives can be used within a virtual host and will apply to that virtualhost only, if not it will be applied to the main/default website/name/localhost etc..
  • using <directory> is better than <location>

SSL on non default port

The optional protocol argument is not required for most configurations. If not specified, https is the default for port 443 and http the default for all other ports. The protocol is used to determine which module should handle a request, and to apply protocol specific optimizations with the AcceptFilter directive.

You only need to set the protocol if you are running on non-standard ports. For example, running an https site on port 8443:

Listen 192.170.2.1:8443 https

Hooks

Secure Proxy

apache httpd.conf

<Proxy *>
  Order Deny,Allow
  Deny from all
  Allow from 192.168.0
</Proxy>
Read 1978 times Last modified on Tuesday, 17 February 2015 18:19